Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3231322e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3231322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          KTng8NHBRKg0uOkc1q1oS7SKRyft8xkKEWW130SYJuo=
Subject key identifier:   09:4C:49:30:58:1F:9A:A8:C9:71:95:AC:D1:15:07:4A:CC:BD:2E:AD
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       098D2CCAAFBF464B76B11A3E6BCD465592778079
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3231322e302f32332d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:12 +0000
ROA not before:           Tue 21 Apr 2026 09:04:12 +0000
ROA not after:            Tue 20 Apr 2027 09:09:12 +0000
asID:                     834
IP address blocks:        147.125.212.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:8d:2c:ca:af:bf:46:4b:76:b1:1a:3e:6b:cd:46:55:92:77:80:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:12 2026 GMT
            Not After : Apr 20 09:09:12 2027 GMT
        Subject: CN=094C4930581F9AA8C97195ACD115074ACCBD2EAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ba:0f:41:43:b4:61:8b:2f:b8:01:a9:b6:e7:
                    9d:9f:c5:b9:66:a6:79:32:ff:86:39:96:6f:cf:a1:
                    f5:18:a2:c8:56:17:e0:f2:65:1b:b8:8c:5b:dd:d8:
                    b2:b0:dc:5c:63:70:0e:ca:35:4b:73:03:c2:fc:e7:
                    26:d8:a1:34:42:eb:59:6f:af:81:ea:64:89:23:30:
                    86:7c:46:79:15:66:ae:bf:e6:eb:10:f8:6c:1f:7f:
                    a9:72:14:93:93:97:27:f7:39:0e:57:a6:b5:b3:a1:
                    5c:75:07:cc:60:b2:8c:46:d6:be:a1:6c:69:e2:14:
                    3b:b5:c1:92:96:67:3f:08:67:45:a4:4a:f2:83:8a:
                    1c:35:84:0b:9e:e7:f2:bd:02:ec:e8:9d:17:47:ef:
                    0e:34:da:ce:4d:3c:91:f5:41:7f:b3:32:13:8a:e0:
                    66:86:75:0d:62:4d:fa:12:61:a3:8f:87:e2:e6:cb:
                    b3:58:63:f0:7b:d7:c9:fc:4a:c1:59:99:c0:60:97:
                    3a:1e:88:ac:bb:40:84:3e:af:06:b4:3a:26:10:46:
                    62:a8:69:24:88:eb:f5:56:64:54:9b:c6:aa:fe:a5:
                    90:16:5c:81:5e:68:dc:ac:d9:d0:35:17:73:12:45:
                    44:71:3e:6c:f3:6e:a5:bf:24:89:7a:3e:92:d9:cc:
                    e8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:4C:49:30:58:1F:9A:A8:C9:71:95:AC:D1:15:07:4A:CC:BD:2E:AD
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3231322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:d1:2a:c5:d3:3f:11:8f:b0:8f:11:61:0a:b7:b9:3a:d2:31:
         8f:33:19:a5:55:43:83:44:45:25:74:a7:ce:66:44:ea:41:73:
         1b:ff:6f:5a:57:f4:0c:27:08:56:b9:46:21:63:68:8d:41:fd:
         d7:f2:f0:16:a1:95:c7:b5:55:3b:d0:18:75:70:a2:52:04:5f:
         33:1d:a9:46:3a:a3:55:14:30:01:d9:b7:52:65:0b:4e:72:ae:
         c1:0d:58:06:eb:03:6a:49:20:ba:fa:ee:e3:d9:d9:6f:98:fa:
         5f:77:72:f0:5a:14:64:84:9d:8e:7b:51:59:95:f6:c9:bf:f9:
         72:7a:31:84:2c:e7:89:cc:e4:6a:fb:24:2b:67:d0:b5:51:a1:
         a5:4c:03:b5:62:db:95:5a:6e:50:7c:19:f8:91:6f:3a:c6:51:
         41:db:2c:74:38:32:d9:8b:7e:45:fe:d1:92:27:1e:f1:2a:66:
         18:f0:ea:77:27:00:f1:c0:31:ac:23:00:87:9f:22:c8:2d:c1:
         56:76:ed:b3:ba:f0:64:fa:79:09:b5:9a:c8:b9:bf:f2:d0:c5:
         d8:66:42:96:90:aa:0c:bf:10:ab:80:5e:ee:45:6e:06:22:e6:
         37:82:cb:66:ff:33:ea:9c:a6:b4:bd:21:88:23:0a:bd:86:1d:
         b8:71:42:49
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCY0syq+/Rkt2sRo+a81GVZJ3gHkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTJaFw0yNzA0MjAwOTA5MTJaMDMxMTAvBgNV
BAMTKDA5NEM0OTMwNTgxRjlBQThDOTcxOTVBQ0QxMTUwNzRBQ0NCRDJFQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3ug9BQ7Rhiy+4Aam2552fxblm
pnky/4Y5lm/PofUYoshWF+DyZRu4jFvd2LKw3FxjcA7KNUtzA8L85ybYoTRC61lv
r4HqZIkjMIZ8RnkVZq6/5usQ+Gwff6lyFJOTlyf3OQ5XprWzoVx1B8xgsoxG1r6h
bGniFDu1wZKWZz8IZ0WkSvKDihw1hAue5/K9AuzonRdH7w402s5NPJH1QX+zMhOK
4GaGdQ1iTfoSYaOPh+Lmy7NYY/B718n8SsFZmcBglzoeiKy7QIQ+rwa0OiYQRmKo
aSSI6/VWZFSbxqr+pZAWXIFeaNys2dA1F3MSRURxPmzzbqW/JIl6PpLZzOg3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCUxJMFgfmqjJcZWs0RUHSsy9Lq0wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzEzMjJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
1DANBgkqhkiG9w0BAQsFAAOCAQEAi9EqxdM/EY+wjxFhCre5OtIxjzMZpVVDg0RF
JXSnzmZE6kFzG/9vWlf0DCcIVrlGIWNojUH91/LwFqGVx7VVO9AYdXCiUgRfMx2p
RjqjVRQwAdm3UmULTnKuwQ1YBusDakkguvru49nZb5j6X3dy8FoUZISdjntRWZX2
yb/5cnoxhCzniczkavskK2fQtVGhpUwDtWLblVpuUHwZ+JFvOsZRQdssdDgy2Yt+
Rf7Rkice8SpmGPDqdycA8cAxrCMAh58iyC3BVnbts7rwZPp5CbWayLm/8tDF2GZC
lpCqDL8Qq4Be7kVuBiLmN4LLZv8z6pymtL0hiCMKvYYduHFCSQ==
-----END CERTIFICATE-----